The State of SCADA on the Internet

The insecure state of SCADA devices is well known and concerning. These connected devices are largely Internet connected. While this is not a new phenomenon, connected devices have continually garnered attention from attackers and researchers alike. In this talk, Kyle Wilhoit presents the state of SCADA on the Internet, answering the who, what, when, where, […]

EventID Field Hunter (EFH) – Looking for malicious activities in your Windows events

There are thousands of possible Windows event IDs, split into 9 categories and 50+ subcategories. The Windows Event Logs provide a historical record of a wide range of actions such as login/logoff, process creation, file/key modifications, and packet filtering. These logs provide investigators with a wealth of information that can be analyzed in many different […]

RTF Abuse: Exploitation, Evasion and Counter Measures

If you knew how many ways you could obfuscate and deliver payloads with RTF documents, you would have thought it was a file format Microsoft secretively purchased from Adobe. Kidding aside, 2016 has piqued my interest in the RTF specification and you should learn why. This talk walks through research experiences and examples that take […]
